Senior Compliance Automation Engineer

About The Position

Requirements

• 5+ years of experience in enterprise IT operations (e.g., Senior Help Desk, Systems Administration, or Security Operations).
• Deep understanding of IAM, Active Directory, cloud environments, and endpoint security.
• 3+ years of technical GRC experience mapping and operationalizing controls under frameworks like NIST SP 800-171, CMMC, or ISO 27001.
• Proven track record of independently managing and executing technical projects.
• Ability to navigate ambiguity, define project scope, and lead cross-functional stakeholders without direct authority.
• Demonstrated ability to analyze systemic business and technical challenges, formulate long-term strategic solutions, and execute rollouts that improve enterprise-wide security posture.
• Experience using and integrating GRC platforms, combined with basic scripting knowledge to support automation efforts.
• Ability to obtain and maintain a US Secret security clearance

Responsibilities

• Drive End-to-End Projects: Lead complex, multi-department modernization initiatives from initial strategy through architectural design and execution. Own project schedules, resource planning, and milestone tracking.
• Autonomous Execution: Proactively identify gaps in our current compliance, security posture, and automation capabilities. Formulate and roll out strategic remediation plans with minimal oversight.
• Change Management: Lead enterprise-wide rollouts of new security policies, tooling, and baseline configurations, ensuring smooth adoption across technical and non-technical business units.
• Build Continuous Monitoring Pipelines: Architect and implement automated control evidence ingestion pipelines, integrating data from AWS/Azure, identity platforms, and endpoint management tools into our GRC platform. Operationalize AI models trained for compliance.
• Policy-as-Code & Engineering Standards: Translate regulatory, policy, and control requirements into technical designs. Collaborate with engineering and DevOps to operationalize policy-as-code and automated guardrails.
• Control Mapping & Framework Management: Direct the operational mapping of security controls across NIST SP 800-171, CMMC (Levels 2 & 3), ISO 27001, Sarbanes-Oxley, Cyber Essentials, et al.
• Technical Mentorship: Act as a subject matter expert and mentor to team members, setting technical and operational excellence standards for the Cyber Risk and Compliance Team.
• Cross-Functional Collaboration: Partner with Cybersecurity Engineering, IT Operations, and Cloud Infrastructure teams to resolve complex security challenges and ensure cohesive implementation of compliance standards.
• Risk Reporting: Translate complex, technical risk data into executive-ready reports, ensuring leadership has clear visibility into cumulative risk, trends, and mitigation priorities.

Benefits

• Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package.
• Top-tier benefits for full-time employees